From 7ec846be8be10183e2d69bc272a82a7611dfe286 Mon Sep 17 00:00:00 2001 From: Xiangyu Chen Date: Mon, 26 Dec 2022 15:16:19 +0800 Subject: grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775 Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency: font: Fix size overflow in grub_font_get_glyph_internal() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532) Backport patch from upstream to fix following CVEs: CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e) CVE-2022-3775: font: Fix an integer underflow in blit_comb() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af) (From OE-Core rev: fa5a42150098be892246146456faed778e28ef94) Signed-off-by: Xiangyu Chen Signed-off-by: Steve Sakoman Signed-off-by: Liwei Song Signed-off-by: Richard Purdie --- meta/recipes-bsp/grub/grub2.inc | 3 +++ 1 file changed, 3 insertions(+) (limited to 'meta/recipes-bsp/grub/grub2.inc') diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index e819cb9775..bf7aba6b1c 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -37,6 +37,9 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://loader-efi-chainloader-Simplify-the-loader-state.patch \ file://commands-boot-Add-API-to-pass-context-to-loader.patch \ file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\ + file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ + file://CVE-2022-2601.patch \ + file://CVE-2022-3775.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" -- cgit v1.2.3-54-g00ecf
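Review bot: The dependency between the three new SRC_URI entries is recorded only in the commit message, not in the recipe. `0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch` has to stay ahead of `CVE-2022-2601.patch` and `CVE-2022-3775.patch`, yet its file name carries no CVE reference, so a later cleanup or reorder of the list could drop or move it without anyone noticing. Suggest stating in that patch's header that it is a prerequisite for the CVE-2022-2601 fix. This view is limited to grub2.inc, so the three patch files themselves are not visible here; check that each carries its `CVE:` tag (for the two CVE patches) and an `Upstream-Status: Backport` line pointing at the upstream commit URL given in the commit message, so CVE tracking picks up the fixes from the patch files rather than from their names alone.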